
@poppinss/oauth-client


A framework agnostic package to implement "Login with" flow using OAuth compliant authorization servers.

import { type Oauth2AccessToken, type Oauth2ClientConfig, type Oauth2PkceMethod, type ApiRequestContract, type RedirectRequestContract } from '../../types.ts';
import { HttpClient } from '../../http_client.ts';
import { UrlBuilder } from '../../url_builder.ts';
/**
 * Generic implementation of OAuth2.
 *
 * This is a type declaration only: it lists the members of the client but
 * not their bodies. Statements below about runtime behaviour that the
 * signatures do not establish are marked as review notes to be confirmed
 * against the implementation.
 *
 * The flow exposed here is: build the redirect URL (`getRedirectUrl`),
 * issue and later check a `state` value (`getState` / `verifyState`), then
 * exchange the authorization code for a token (`getAccessToken`). The
 * protected PKCE hooks let a child class add a code verifier/challenge pair
 * to that flow.
 */
export declare class Oauth2Client<Token extends Oauth2AccessToken> {
    /**
     * Client configuration; presumably the value passed to the constructor
     * (TODO confirm).
     *
     * NOTE(review): this field is public, and `getAccessToken` pre-defines a
     * `client_secret` form field, so the config likely carries the client
     * secret. If so, avoid logging or serializing the client instance.
     */
    options: Oauth2ClientConfig;
    /**
     * @param options - Configuration for this client. Its fields are declared
     * in `types.ts` and are not visible in this file.
     */
    constructor(options: Oauth2ClientConfig);
    /**
     * Define the authorize url. Can be overridden by config
     */
    protected authorizeUrl: string;
    /**
     * Define the access token url. Can be overridden by config
     */
    protected accessTokenUrl: string;
    /**
     * Returns the PKCE code verifier for building the authorization redirect.
     * Child classes can override this method to generate and persist a verifier.
     *
     * The verifier is the secret half of PKCE. An override that persists it
     * should keep it somewhere only this server and this browser session can
     * read, tie it to a single authorization attempt, and never put it in the
     * redirect URL (only the derived challenge belongs there).
     *
     * @returns The verifier, or `null`. NOTE(review): `null` presumably means
     * PKCE is not applied to this request — confirm.
     */
    protected getPkceCodeVerifierForRedirect(): string | null;
    /**
     * Returns the PKCE code verifier for the access token exchange.
     * Child classes can override this method to load a previously persisted verifier.
     *
     * For the exchange to succeed this has to be the same verifier whose
     * challenge was sent on the redirect. An override should discard the
     * stored value once it has been read so it cannot be reused.
     *
     * @returns The verifier, or `null`. NOTE(review): `null` presumably means
     * no verifier is sent with the token request — confirm.
     */
    protected getPkceCodeVerifierForAccessToken(): string | null;
    /**
     * Returns the PKCE code challenge. Child classes can override this method
     * to customize the challenge derivation or persistence strategy.
     *
     * @param codeVerifier - The verifier the challenge is derived from.
     * @returns The challenge string.
     */
    protected getPkceCodeChallenge(codeVerifier: string): string;
    /**
     * Returns the PKCE code challenge method.
     *
     * NOTE(review): the members of `Oauth2PkceMethod` are declared in
     * `types.ts` and are not visible here. RFC 7636 recommends `S256` over
     * `plain`; confirm which one this returns by default.
     */
    protected getPkceCodeChallengeMethod(): Oauth2PkceMethod;
    /**
     * Processing the API client response. The child class can overwrite it
     * for more control
     *
     * Both `response` and the return value are typed `any`, so the compiler
     * checks nothing about their shape. The data comes from the authorization
     * server; an override should validate the fields it relies on before the
     * result is treated as a token.
     *
     * @param client - The HTTP client that produced the response.
     * @param response - The response to process (untyped).
     */
    protected processClientResponse(client: HttpClient, response: any): any;
    /**
     * Configure the redirect request. Invoked before
     * the user callback.
     *
     * The client defaults can be removed using the `clearParam` method
     *
     * @param _ - The redirect request being built.
     */
    protected configureRedirectRequest(_: RedirectRequestContract): void;
    /**
     * Configure the access token request. Invoked before
     * the user callback.
     *
     * The client defaults can be removed using the `clearParam` or
     * `clearOauth1Param` methods
     *
     * NOTE(review): `clearOauth1Param` is an OAuth1-named helper; confirm it
     * is meaningful on the request used by this OAuth2 client.
     *
     * @param _ - The access token request being built.
     */
    protected configureAccessTokenRequest(_: ApiRequestContract): void;
    /**
     * Returns the instance of the HTTP client for internal use
     *
     * @param url - The URL the client is created for.
     */
    protected httpClient(url: string): HttpClient;
    /**
     * Returns the instance of the URL builder
     *
     * @param url - The URL the builder is created for.
     */
    protected urlBuilder(url: string): UrlBuilder;
    /**
     * Generates a random PKCE code verifier.
     *
     * NOTE(review): the randomness source and the length of the verifier are
     * not visible in this declaration. RFC 7636 asks for a high-entropy value
     * of 43 to 128 characters; confirm the implementation draws it from a
     * cryptographically secure generator.
     */
    protected makeCodeVerifier(): string;
    /**
     * Generates a PKCE code challenge from the given verifier.
     *
     * @param codeVerifier - The verifier to derive the challenge from.
     * @param method - Optional challenge method. NOTE(review): the default
     * used when this is omitted is not visible here — confirm.
     */
    protected makeCodeChallenge(codeVerifier: string, method?: Oauth2PkceMethod): string;
    /**
     * Returns the redirect url for redirecting the user. Pre-defines
     * the following params
     *
     * - redirect_uri
     * - client_id
     *
     * The return type is `string | Promise<string>`, so callers should
     * `await` the result to handle both cases.
     *
     * @param callback - Optional hook that receives the redirect request so
     * the caller can adjust its params.
     */
    getRedirectUrl(callback?: (request: RedirectRequestContract) => void): string | Promise<string>;
    /**
     * Generates a random token to be stored as a state and to be sent along
     * for later verification
     *
     * The state value is what ties the callback to the browser session that
     * started the flow, which is the CSRF defence of the redirect flow. Store
     * it where only that session can read it (for example a server-side
     * session or a protected cookie) and pass it to `verifyState` on callback.
     *
     * NOTE(review): the randomness source is not visible in this declaration;
     * confirm it is cryptographically secure.
     */
    getState(): string;
    /**
     * Verifies the redirect input with the state input
     *
     * @param state - The state value to compare against.
     * @param inputValue - The value to check; optional in the signature.
     *
     * NOTE(review): the method returns `void`, so a mismatch is presumably
     * reported by throwing — confirm. What happens when `inputValue` is
     * omitted is not visible here; make sure a missing value is rejected
     * rather than accepted.
     */
    verifyState(state: string, inputValue?: string): void;
    /**
     * Get the access token from the authorization code. One must define
     * the authorization code using the callback input.
     *
     * ```ts
     * client.getAccessToken((request) => {
     *   request.field('code', authorizationCode)
     * })
     * ```
     *
     * Pre-defines the following form fields
     *
     * - grant_type = 'authorization_code'
     * - redirect_uri
     * - client_id
     * - client_secret
     *
     * Because `client_secret` is part of the request, this call belongs on
     * the server side, and the request should not be written to logs.
     *
     * @param callback - Optional hook that receives the token request so the
     * caller can set fields such as `code`.
     * @returns A promise for the token, typed by the class's `Token` parameter.
     */
    getAccessToken(callback?: (request: ApiRequestContract) => void): Promise<Token>;
}